﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

namespace FIleForensics
{
    public partial class login : System.Web.UI.Page
    {
        
        public static int count = 2;

        protected void Page_Load(object sender, EventArgs e)
        {
            
        }

        protected void btnLogIn_Click(object sender, EventArgs e)
        {
            
            string username = this.txtUsername.Text;
            string connString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\jwilson\\Documents\\Visual Studio 2010\\Projects\\Course Work 2\\FIleForensics\\App_Data\\FileForensic.mdf;Integrated Security=True;User Instance=True";
            
            SqlConnection conn = new SqlConnection(connString);
            //SqlCommand accountLock = new SqlCommand("UPDATE LogIn SET AccountLocked = 0 WHERE Username = @Username", conn);
            SqlCommand command = new SqlCommand("SELECT * FROM LogIn WHERE Username = @Username", conn);
            command.Parameters.Add("@Username", SqlDbType.NVarChar).Value = this.txtUsername.Text;

            conn.Open();

            SqlDataReader reader = command.ExecuteReader();

            if (reader.Read())
            {
                string password = reader["Password"].ToString();
                string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(this.txtPassword.Text, "sha1");

                int admin = Convert.ToInt16(reader["IsAdmin"]);
                int accountLocked = Convert.ToInt16(reader["AccountLocked"]);
                
                if(accountLocked != 1)
                    if (password == hashedPassword && admin == 0)
                    {
                        Response.Redirect("main.aspx", false);
                        Session["User"] = username;
                    }
                    else if (password == hashedPassword && admin == 1)
                    {
                        Response.Redirect("admin.aspx", false);
                        Session["User"] = username;
                    }
                    else
                    {
                       lblWrongUsePass.Visible = true;
                        count = count + 1;
                    }      
            }
            else
            {
                lblWrongUsePass.Visible = true;
                count = count + 1;
            }

            conn.Close();

            if (count > 3)
            {
                SqlCommand accountLock = new SqlCommand("UPDATE LogIn SET AccountLocked = 1 WHERE Username = @Username", conn);
                accountLock.Parameters.Add("@Username", SqlDbType.NVarChar).Value = this.txtUsername.Text;
                conn.Open();
                accountLock.ExecuteNonQuery();
                conn.Close();
                Response.Redirect("failure.aspx", false);

            }

        }

    }
}